Adam Svoboda adamsvoboda

## Hunt for LPE via printnightmare
sequence by host.hostname with maxspan=1m
  [network where network.direction : ("egress", "outgoing") and
   process.name != "spoolsv.exe" and not network.protocol == "dns" and not user.name : "SYSTEM" and
   source.port >= 49152 and destination.port >= 49152] by destination.address,source.address, destination.port, source.port
  [network where process.name : "spoolsv.exe" and user.name : "SYSTEM" and
   network.direction : ("ingress", "incoming") and
   not network.protocol == "dns" and
   source.port >= 49152 and destination.port >= 49152] by source.address, destination.address, destination.port, source.port

## be_fn.hpp
#pragma once
#include <stdint.h>
#include <stdio.h>

namespace be
{
	void print_message( const char* msg )
	{
		printf( "[BATTLEYE] %s\n", msg );
	}

## gather.sh
#!/bin/bash
# This script assumes Responder is in /opt/Responder

# Error messages begone!
exec 2>/dev/null

# Hardcoded location for script output files
OUTDIR=${HOME}'/working/loot/gathered'
# Hardcoded location for ntlmrelayx's .sam file output directory
NTLMRELAY=${HOME}'/working/loot/ntlmrelay'

## customqueries.json
{
    "queries": [{
            "name": "List all owned users",
            "queryList": [{
                "final": true,
                "query": "MATCH (m:User) WHERE m.owned=TRUE RETURN m"
            }]
        },
        {
            "name": "List all owned computers",

## docker-compose.yml
redis:
  image: redis
sentry-celery-beat:
  environment:
    SENTRY_SECRET_KEY: 'thisisnotsosecret'
  command:
  - sentry
  - celery
  - beat
  image: sentry

## System Design.md

      
              1 file
            
          
              2618 forks
            
          
              58 comments
            
          
              9423 stars
            
          
                vasanthk
                / System Design.md
            
            
              Last active
              May 25, 2024 07:39
            
              
                System Design Cheatsheet
              
          
    System Design Cheatsheet


Picking the right architecture = Picking the right battles + Managing trade-offs

Basic Steps


Clarify and agree on the scope of the system


User cases (description of sequences of events that, taken together, lead to a system doing something useful)

Who is going to use it?
How are they going to use it?


## links.md

      
              2 files
            
          
              19 forks
            
          
              20 comments
            
          
              226 stars
            
          
                cookrn
                / links.md
            
            
              Created
              November 5, 2012 05:04
            
              
                Ryan Dahl on Software
              
          
    Couldn't find the text of this for a while...

Original (404'ed) -- https://plus.google.com/115094562986465477143/posts/Di6RwCNKCrf
Fakeout -- http://www.dzone.com/links/rss/ryan_dahl_i_hate_almost_all_software.html
Repost -- https://plus.google.com/116904230181415286707/posts/DnAMAN5sUR8
	sequence by host.hostname with maxspan=1m
	[network where network.direction : ("egress", "outgoing") and
	process.name != "spoolsv.exe" and not network.protocol == "dns" and not user.name : "SYSTEM" and
	source.port >= 49152 and destination.port >= 49152] by destination.address,source.address, destination.port, source.port
	[network where process.name : "spoolsv.exe" and user.name : "SYSTEM" and
	network.direction : ("ingress", "incoming") and
	not network.protocol == "dns" and
	source.port >= 49152 and destination.port >= 49152] by source.address, destination.address, destination.port, source.port
	#pragma once
	#include <stdint.h>
	#include <stdio.h>

	namespace be
	{
	void print_message( const char* msg )
	{
	printf( "[BATTLEYE] %s\n", msg );
	}
	#!/bin/bash
	# This script assumes Responder is in /opt/Responder

	# Error messages begone!
	exec 2>/dev/null

	# Hardcoded location for script output files
	OUTDIR=${HOME}'/working/loot/gathered'
	# Hardcoded location for ntlmrelayx's .sam file output directory
	NTLMRELAY=${HOME}'/working/loot/ntlmrelay'
	{
	"queries": [{
	"name": "List all owned users",
	"queryList": [{
	"final": true,
	"query": "MATCH (m:User) WHERE m.owned=TRUE RETURN m"
	}]
	},
	{
	"name": "List all owned computers",
	redis:
	image: redis
	sentry-celery-beat:
	environment:
	SENTRY_SECRET_KEY: 'thisisnotsosecret'
	command:
	- sentry
	- celery
	- beat
	image: sentry